This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Havex Malware

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Havex Malware

Tuomo
L1 Bithead

‎06-24-2014 03:47 AM

Hi all,

Do you have any information about PAN detection capability for the Havex malware family: http://www.f-secure.com/weblog/archives/00002718.html

Threat vault seems to produce no hits at the moment.

Tuomo

26 REPLIES 26

ITInfraNL
L0 Member

‎06-27-2014 01:51 AM

I would like more information on this too.

Nick

pulukas
L7 Applicator

‎06-27-2014 05:10 PM

This is not showing up yet in the threat vault as an existing update for PA.

https://threatvault.paloaltonetworks.com/

You can open a ticket with support to get a more specific update.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

PANUser-1234
L1 Bithead

‎07-01-2014 10:36 PM

Did you got some more information about havex/oldrea malware coverage in the threat signatures unitl now?

Andy

0 Likes Likes

LCMember2327
L1 Bithead
In response to PANUser-1234

‎07-02-2014 12:25 AM

Any update from PA?

0 Likes Likes

Dulle
L2 Linker

‎07-02-2014 12:41 AM

While we wait for Palo Alto to wake up; please have a look at these:

http://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threa...

-=Tommy=-

pulukas
L7 Applicator
In response to Dulle

‎07-02-2014 04:17 AM

If this is a critical vulnerability to you, I would open a ticket. This will get the signature escalated internally.

You can't expect an official update from PA here.  These are just user to user support forums.  We are lucky that many PA employees spend a great deal of time here.  But official support is still via tickets to the support portal.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes Likes

Dulle
L2 Linker
In response to pulukas

‎07-02-2014 04:35 AM

But we have.....

0 Likes Likes

ericgearhart
L4 Transporter

‎07-02-2014 04:46 AM

Looks like Havex made it into the ThreatVault:

https://threatvault.paloaltonetworks.com/Home/VirusDetail/2889719

0 Likes Likes

ericgearhart
L4 Transporter
In response to ericgearhart

‎07-02-2014 04:47 AM

Interestingly enough if you click on the hash links, PA's own WildFire flags it as benign! Hmph. :smileyplain:

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2022 - Palo Alto Networks